Test Results for Write-Protected Drive:Apricorn Padlock 3 Firmware Version 0510
Federated Testing Suite for Hardware Write Blocking
June 2020
This report was prepared for the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) by the Office of Law Enforcement Standards of the National Institute of Standards and Technology.
For additional information about ongoing DHS S&T cybersecurity projects, please visit https://www.dhs.gov/science-and-technology/cybersecurity
Contents
Introduction
How to Read This Report
1. Device Description
2. Testing Organization
3. Results Summary
4. Test Environment
5. Test Result Details by Case
5.1. FT-HWB-USB
5.1.1. Test Case Description
5.1.2. Test Drive Description
5.1.3. Test Evaluation Criteria
5.1.4. Test Case Results
5.1.5. Case Summary
6. Appendix: Additional Details
6.1. FT-HWB-USB
6.1.1. USB 3
6.2. Test Setup & Analysis Tool Versions
Introduction
The Computer Forensics Tool Testing (CFTT) program is a joint project of the Department of Homeland Security (DHS) Science and Technology Directorate (S&T), National Institute of Justice (NIJ), and National Institute of Standards and Technology (NIST) Special Programs Office and Information Technology Laboratory (ITL). CFTT is supported by other organizations, including the Federal Bureau of Investigation; U.S. Department of Defense Cyber Crime Center; Electronic Crimes Program within the U.S. Internal Revenue Service’s Criminal Investigation Division; and DHS’s Bureau of Immigration and Customs Enforcement, U.S. Customs and Border Protection, and U.S. Secret Service. The objective of the CFTT program is to provide measurable assurance to practitioners, researchers, and other applicable users that the tools used in computer forensics investigations provide accurate results. Accomplishing this requires the development of specifications and test methods for computer forensics tools and subsequent testing of specific tools against those specifications.
Test results provide the information necessary for developers to improve tools, users to make informed choices, and the legal community and others to understand the tools’ capabilities. The CFTT approach to testing computer forensics tools is based on well-recognized methodologies for conformance and quality testing. Interested parties in the computer forensics community can review and comment on the specifications and test methods posted on the CFTT website: https://www.cftt.nist.gov/.
This document reports the results from testing the read-only function of the Apricorn Padlock 3 device firmware version 0510 using the CFTT Federated Testing Test Suite for Hardware Write Blocking, Version 3.1.
Federated Testing is an expansion of the CFTT program to provide forensic investigators and labs with test materials for tool testing and to support shared test reports. The goal of Federated Testing is to help forensic investigators to test the tools that they use in their labs and to enable sharing of tool test results. CFTT’s Federated Testing Forensic Tool Testing Environment and included test suites can be downloaded from https://www.cftt.nist.gov/federated-testing.html and used to test forensic tools. The results can be optionally shared with CFTT, reviewed by CFTT staff, and then shared with the community.
Test results from this and other tools can be found on DHS’s computer forensics webpage, https://www.dhs.gov/science-and-technology/nist-cftt-reports.
June 2020 Page 5 of 10 Apricorn Padlock 3 Ver 0510
How to Read This Report
This report is organized into the following sections:
1. Tested Device Description. The device name, version and vendor information are listed.
2. Testing Organization. Contact information and approvals.
3. Results Summary. This section identifies any significant anomalies observed in the test runs. This section provides a narrative of key findings identifying where the device meets expectations and provides a summary of any ways the device did not meet expectations. The section also provides any observations of interest about the device or about testing the device including any observed limitations on device use.
4. Test Environment. Description of hardware and software used in device testing.
5. Test Result Details by Case. Automatically generated test results that identify anomalies.
6. Appendix: Additional details. Additional details for each test case.
Federated Testing Test Results for Write-Protected Drive: Apricorn Padlock 3
1. Device Description
Device Name: Padlock 3
Firmware Version: 0510
Manufacturer Contact:
Manufacturer: Apricorn
Address: 12191 Kirkham Road Poway, CA 92064
Tel: (800) 458-5448
WWW: https://www.apricorn.com
2. Testing Organization
Organization conducting test: Apricorn
Contact: Kevin Su
Report date: 8-22-2019
Authored by: Mark D.
3. Results Summary
The tested device performed as expected. Data on the device was unchanged by the attempted writes.
4. Test Environment
Hardware: tests were run using a computer with an ASUS ROG STRIX B450-F Gaming motherboard, AMD Ryzen 5 2600 Six Core CPU, and 16 GB DDR4 Corsair memory.
Padlock 3, firmware version 0510. Put the drive in read-only mode before testing to repeat the tests.
5. Test Result Details by Case
This section presents test results grouped by case.
5.1. FT-HWB-USB
5.1.1. Test Case Description
Test a USB key or USB portable drive’s ability to write-protect when Read-Only mode is enabled. Test the ability of the USB key or USB portable drive to block write commands from the ATA and SCSI command sets issued from a test computer.
5.1.2. Test Drive Description
Manufacturer, model & size of the test drive used for this test: Padlock 3 with 1TB capacity (A25-3PL256-xxxx) configured in read-only mode.
5.1.3. Test Evaluation Criteria
The number of ‘writes not blocked’ should be 0.
5.1.4. Test Case Results
The following table presents results for the test case.
Test Results for FT-HWB-USB
| Computer to Drive Connection | Write Commands Sent | Writes Not Blocked |
|---|---|---|
| USB 3 | 36 | 0 |
5.1.5. Case Summary
Test drive unchanged.
6. Appendix: Additional Details
6.1. FT-HWB-USB
6.1.1. USB 3
/usr/lib/cgi-bin/test-hwb Thu Aug 22 09:14:56 2019
@(#) test-hwb.c Linux Version 1.3 created 05/17/18 at 15:05:48
compiled May 17 2018 15:06:05 with gcc Version 5.4.0 20160609
@(#) wrapper.c Linux Version 1.5 support lib created 08/03/17 at 13:05:44
@(#) ataraw.c Linux Version 1.3 support lib created 08/03/17 at 13:05:44
@(#) ataraw.h Linux Version 1.3 created 08/03/17 at 13:06:12
cmd: /usr/lib/cgi-bin/test-hwb -bh -p /media/cftt/FT-LOGS/FT-HWB-usb/ Mark_D. AMD-5 FT-HWB-usb usb3 usb /dev/sda
operator: Mark_D.
host: AMD-5
test case: FT-HWB-usb
connection type: usb3
drive/media type: usb
device: /dev/sda
device type (ATA or SCSI - /usr/lib/cgi-bin/test-hwb tries to guess): SCSI
| Opcode | Command Name | Status | Lba/Sector | Result |
|---|---|---|---|---|
| 30h | (ATA) WRITE SECTOR(S) | Sent | 12288 | Unchanged |
| CAh | (ATA) WRITE DMA | Sent | 51712 | Unchanged |
| CCh | (ATA) WRITE DMA QUEUED | Sent | 52224 | Unchanged |
| C5h | (ATA) WRITE MULTIPLE | Sent | 50432 | Unchanged |
| 31h | (ATA) WRITE SECTOR(S) w/o retries | Sent | 12544 | Unchanged |
| CBh | (ATA) WRITE DMA w/o retries | Sent | 51968 | Unchanged |
| 3Ch | (ATA) WRITE VERIFY | Sent | 15360 | Unchanged |
| 34h | (ATA) WRITE SECTOR(S) EXT | Sent | 13312 | Unchanged |
| 39h | (ATA) WRITE MULTIPLE EXT | Sent | 14592 | Unchanged |
| CEh | (ATA) WRITE MULTIPLE FUA EXT | Sent | 52736 | Unchanged |
| 3Bh | (ATA) WRITE STREAM EXT | Sent | 15104 | Unchanged |
| 35h | (ATA) WRITE DMA EXT | Sent | 13568 | Unchanged |
| 3Dh | (ATA) WRITE DMA FUA EXT | Sent | 15616 | Unchanged |
| 36h | (ATA) WRITE DMA QUEUED EXT | Sent | 13824 | Unchanged |
| 3Eh | (ATA) WRITE DMA QUEUED FUA EXT | Sent | 15872 | Unchanged |
| 3Ah | (ATA) WRITE STREAM DMA EXT | Sent | 14848 | Unchanged |
| 38h | (ATA) CFA WRITE SECTORS W/O ERASE | Sent | 14336 | Unchanged |
| CDh | (ATA) CFA WRITE MULTIPLE W/O ERASE | Sent | 52480 | Unchanged |
| C0h | (ATA) CFA ERASE SECTORS | Sent | 49152 | Unchanged |
| 0Ah | (SCSI) WRITE 6 | Sent | 2576 | Unchanged |
| 2Ah | (SCSI) WRITE 10 | Sent | 10768 | Unchanged |
| AAh | (SCSI) WRITE 12 | Sent | 43536 | Unchanged |
| 8Ah | (SCSI) WRITE 16 | Sent | 35344 | Unchanged |
| 7Fh | (SCSI) WRITE 32 | Sent | 32528 | Unchanged |
| 2Eh | (SCSI) WRITE AND VERIFY 10 | Sent | 11792 | Unchanged |
| AEh | (SCSI) WRITE AND VERIFY 12 | Sent | 44560 | Unchanged |
| 8Eh | (SCSI) WRITE AND VERIFY 16 | Sent | 36368 | Unchanged |
| 7Fh | (SCSI) WRITE AND VERIFY 32 | Sent | 32529 | Unchanged |
| 41h | (SCSI) WRITE SAME 10 | Sent | 16656 | Unchanged |
| 93h | (SCSI) WRITE SAME 16 | Sent | 37648 | Unchanged |
| 7Fh | (SCSI) WRITE SAME 32 | Sent | 32530 | Unchanged |
| 3Fh | (SCSI) WRITE LONG 10 | Sent | 16144 | Unchanged |
| 9Fh | (SCSI) WRITE LONG 16 | Sent | 40720 | Unchanged |
| 32h | (ATA) WRITE LONG | Sent | 12800 | Unchanged |
| 33h | (ATA) WRITE LONG w/o retries | Sent | 13056 | Unchanged |
| 45h | (ATA) WRITE UNCORRECTABLE EXT | Sent | 17664 | Unchanged |
36 writes sent, 0 write(s) not blocked, 0 write commands unsupported.
RESULTS: test drive unchanged
run start Thu Aug 22 09:14:56 2019
run finish Thu Aug 22 09:14:56 2019
elapsed time 0:0:0
Normal exit

Status Key:
Sent - the ioctl used to send this command returned without error and the ATA error bit (if applicable) was not set.
Not supported - the ioctl used to send this command return with an error status or the command completed with the ATA error bit set.
Test terminated - the test was terminated for dangerous commands because 3 or more previous commands were not blocked.

Result Key:
Unchanged - no changes to the test drive were detected.
Not Blocked - sending this command resulted in a change to the test drive. This command was NOT blocked!
n/a - Not applicable.
6.2. Test Setup & Analysis Tool Versions
Version numbers of tools used are listed.
Setup & Analysis Tool Versions
test-hwb.c Linux Version 1.3 created 05/17/18 at 15:05:48
Tool: @(#) ft_hwb_prt_test_report.py Version 1.2 created 04/26/18 at 10:11:19
OS: Linux Version 4.13.0-37-generic
Federated Testing Version 3.1, released 5/25/2018